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Abstract 

It  is  well  known  that  optimal  logic  synthesis  can  ensure  fully  testable  combinational  logic 
designs.  In  this  paper  we  show  that  optimal  sequential  logic  synthesis  can  produce 
irredundant,  fully  testable  finite  state  machines.  Test  generation  algorithms  can  be  used  to 
remove  all  the  redundancies  in  sequential  machines  resulting  in  a  fully  testable  design. 
However,  this  method  may  require  exorbitant  amounts  of  CPU  time.  The  optimal 
synthesis  procedure  presented  in  this  paper  represents  a  more  efficient  approach  to  achieve 
100%  testability. 

Synthesizing  a  sequential  circuit  from  a  State  Transition  Graph  description  involves  the 
steps  of  state  minimization,  state  assignment  and  logic  optimization.  Previous  approaches 
to  producing  fully  and  easily  testable  sequential  circuits  have  involved  the  use  of  extra  logic 
and  constraints  on  state  assignment  and  logic  optimization.  In  this  paper  we  show  that 
100%  testability  can  be  ensured  without  the  addition  of  extra  logic  and  without  constraints  on 
the  state  assignment  and  logic  optimization.  Unlike  previous  synthesis  approaches  to 
ensuring  fully  testable  machines,  there  is  no  area/ performance  penalty  associated  with  this 
approach.  This  technique  can  be  used  in  conjunction  with  previous  approaches  to  ensure 
that  the  synthesized  machine  is  easily  testable.  (/) 

Given  a  State  Transition  Graph  specification,  a  logic-level  automaton  that  is  fully  testable 
for  all  single  stuck-at  faults  in  the  combinational  logic  without  access  to  the  memory  elements 
is  synthesized.  This  procedure  represents  an  alternative  to  a  Scan  Design  methodology 
without  the  usual  area  and  performance  penalty  associated  with  the  latter  method. 
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Abstract 

It  is  well  known  that  optimal  logic  synthesis  cau  ensure  fully 
testable  combinational  logic  designs.  In  this  paper,  we  show  that 
optimal  sequential  logic  synthesis  cau  produce  irredundaut,  fully 
testable  finite  state  machines.  Test  generation  algorithms  can  be 
used  to  remove  all  the  redundancies  in  sequential  machines  result¬ 
ing  in  a  fully  testable  design.  However,  this  method  may  require 
exorbitant  amouuts  of  CPC  time.  The  optimal  synthesis  proce¬ 
dure  presented  in  this  paper  represents  a  more  efficient  approach 
to  achieve  100%  testability. 

Synthesizing  a  sequential  circuit  from  a  State  Transition  Graph 
description  involves  the  steps  of  state  minimization,  state  assign¬ 
ment  and  logic  optimization.  Previous  approaches  to  producing 
fully  aud  easily  testable  sequential  circuits  have  involved  the  use 
of  extra  logic  and  constraints  on  state  assignment  and  logic  op¬ 
timization.  In  tliis  paper,  we  show  that  100%  testability  can  be 
ensured  without  the  addition  of  extra  logic  and  without  constraints 
on  the  state  assignment  aud  logic  optimization.  Unlike  previous 
synthesis  approaches  to  ensuriug  fully  testable  machines,  there  is 
no  area/performancc  penalty  associated  with  this  approach.  This 
technique  can  be  used  in  conjunction  with  previous  approaches 
to  ensure  that  the  synthesized  machine  is  easily  testable. 

Given  a  State  Transition  Graph  specification,  a  logic-level  au¬ 
tomaton  that  is  fully  testable  for'  all  single  stuck-at  faults  in  the 
combinational  logic  without  access  to  the  memory  element l#  is  syn¬ 
thesized.  This  procedure  represents  an  alternative  to  a  Scau  De¬ 
sign  methodology  without  the  usual  area  aud  performance  penalty 
associated  with  the  latter  method. 

1  Introduction 

Test  generation  for  sequential  circuits  has  long  been  recognized  as 
a  difficult  task  [5].  A  popular  approach  to  solving  this  problem  is 
to  make  all  the  memory  elements  controllable  and  observable,  i.e. 
Complete  Scan  Design  [9j  [lj.  Scan  Design  approaches  transform 
the  sequential  testing  problem  iuto  one  of  combinational  test  gen¬ 
eration  which  is  considerably  less  difficult.  They  also  remove  all 
sequential  redundancies  in  a  circuit,  since  direct  access  is  provided 
to  the  memory  elements.  However,  there  are  situations  where  the 
cost  in  terms  of  area  and  performance  of  Complete  Scan  Design 
is  not  affordable.  Also,  the  testing  time  associated  with  Scan  De¬ 
sign  is  higher  than  that  of  a  non-Kan  design,  because  values  have 
to  be  sequentially  scanned  into  and  out  of  the  memory  dements 
one  dock  cycle  at  a  time. 

It  is  weD  known  that  optimal  logic  synthesis  can  ensure  fully 
testable  combinational  logic  designs.  In  this  paper,  we  show  that 
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optimal  sequential  logic  synthesis  cau  produce  fully  testable  uou- 
scau  finite  state  machines.  Test  generation  algorithms  cau  be  used 
to  remote  all  the  redundancies  in  sequential  machines  resulting  in 
fully  testable  designs.  However,  in  general,  this  method  requires 
exorbitant  amounts  of  CPU  time.  The  optimal  synthesis  proce¬ 
dure  presented  in  this  paper  represents  a  more  efficient  approach 
to  achieve  100%  testability. 

Synthesizing  a  sequential  circuit  from  a  State  Transitiou  Graph 
description  involves  the  steps  of  state  miuimizatiou.  state  assign 
meut  and  logic  optimization.  Previous  approaches  (e.g.  [S] )  to 
producing  fully  and  easily  testable  sequential  circuits  have  en¬ 
tailed  the  use  of  extra  logic  and  constraints  on  state  assignment 
and  logic  optimization.  In  this  paper,  we  show-  that  100%  testabil¬ 
ity  cau  be  ensured  without  the  addition  of  extra  logic  and  without 
constraints  on  the  state  assignment  aud  logic  optimization.  This 
technique  cau  he  used  in  conjunction  with  previous  approaches 
to  ensure  that  the  synthesized  machine  is  easily  testable. 

The  finite  automaton  is  represented  by  a  State  Transition 
Graph,  truth  table  or  by  an  interconnection  of  gates  aud  flip- 
flops.  The  syuthesized/re-syuthesized  logic-level  implementation 
is  guaranteed  to  be  fully  testable  for  all  single  stuck-at  faults  in  the 
combinational  logic  without  access  to  the  memory  elements.  This 
procedure  represeuts  au  alternative  to  a  Scan  Design  methodol- 
ogy  without  the  usual  area  aud  performance  penalty  associated 
with  the  latter  method. 

Basic  definitions  aud  terminologies  used  are  given  in  Section 
2.  Various  types  of  redundant  faults  in  sequential  circuits  are  de¬ 
scribed  in  Section  3.  In  Section  4.  we  outline  an  optimal  synthesis 
procedure  of  state  miuimizatiou.  state  assignment  aud  logic  op¬ 
timization  that  produces  a  highly  testable  Moore  oi  Mealy  fiuite 
state  machine  beginning  from  a  State  Transition  Graph  descrip¬ 
tion.  Any  existing  sequentially  redundant  faults  in  this  machine 
are  implicitly  removed  using  extended  don  't  care  sets  in  repea  ted 
combinational  logic  miuimizatiou.  These  don't  care  sets  are  de¬ 
rived  using  techniques  that  check  for  state  equivalence.  We  give 
theorems  which  prove  the  correctness  of  these  procedures.  In  Sec¬ 
tion  5.  we  discuss  the  effects  of  redundancy  removal  on  the  state 
encoding  of  the  machine.  Preliminary  results,  which  indicate  that 
these  procedures  are  viable  for  medium-sized  circuits,  are  given 
in  Section  C. 

2  Preliminaries 

A  variable  is  a  symbol  representing  •  single  coordinate  of  the 
Boolean  spare  (e*.  a).  A  literal  is  a  variable  or  its  negation  (e.g. 
•  oil).  A  cube  is  a  set  C  of  literals  sack  that  r  €  C  implies 
T  i  C  (e.g..  {a.b.T}  is  a  cube,  aud  {n.ir}  is  not  a  rube).  A  cube 
represents  the  conjunction  of  its  literals.  The  tririal  cubes,  writ¬ 
ten  0  and  1.  represent  the  Boolean  functions  0  and  1  respectively. 
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All  expression  is  a  set  /  of  rubes  For  example,  {{n}.{h.?}} 
is  au  expression  consisting  of  tlie  two  cubes  {a}  and  An 

expression  represents  the  disjunction  of  its  cubes. 

A  cube  may  also  be  written  as  a  bit  vector  on  a  set  of  variables 
with  each  bit  position  representing  a  distinct  variable.  The  values 
taken  by  each  bit  can  be  1.  0  or  2  (don't  care),  signifying  the  true 
form,  negated  form  and  non-existence  respectively  of  the  variable 
corresponding  to  that  position.  A  minterm  is  a  cube  with  only 
0  and  1  entries. 

A  finite  state  machine  is  represented  by  its  State  Transition 
Graph  (STG),  G(1*  £.1f'(£))  where  V  is  the  set  of  vertices  cor¬ 
responding  to  the  set  of  states  5.  where  ||S||  =  N,  is  the  car¬ 
dinality  of  the  set  of  states  of  the  FSM.  an  edge  joins  t>,  to 
if  there  is  a  primary  input  that  causes  the  FSM  to  evolve  from 
state  r,  to  state  r,.  and  1V(£)  is  a  set  of  labels  attached  to  each 
edge,  each  label  carrying  the  information  of  the  value  of  the  input 
that  caused  that  transition  and  the  values  of  the  primary  outputs 
corresponding  to  that  transition.  In  general,  the  W(£)  labels  are 
Boolean  expressious.  The  number  of  inputs  and  outputs  are  de¬ 
noted  .Y,  and  .V,  respectively.  The  input  combination  and  present 
state  corresponding  to  au  edge  or  set  of  edges  is  (i,  s),  where  i 
and  .<  are  cubes.  The  fanin  of  a  state,  q  is  a  set  of  edges  and  is 
denoted  fnnin(q).  The  fanout  of  a  state  q  is  denoted  fanoul (9). 
The  output  and  the  fanout  state  of  an  edge  ( i.  .«)  6  £  are  o((t.  #)) 
and  »((i.  ,«))  €  V  respectively. 

Given  .Y,  inputs  to  a  machine.  2'1  edges  with  uiiuterm  input 
labels  fan  oat  from  each  state.  A  STG  where  the  next  state 
and  output  labels  for  every  possible  transition  from  every  state 
are  defined  corresponds  to  a  completely  specified  machine. 
Au  incompletely  specified  machine  is  one  where  at  least  one 
transition  edge  from  some  state  is  not  specified. 

A  starting  or  initial  state  is  assumed  to  exist  for  a  machine,  also 
called  the  reset  state.  Given  a  logic-level  finite  state  machine 
with  As  latches.  2'*  possible  states  exist  in  the  machine.  A  state 
which  can  be  reached  from  the  reset  state  via  some  input  vertoi 
sequence  is  called  a  valid  state  in  the  STG.  The  input  vector 
sequence  is  called  the  justification  sequence  for  that  state.  A 
state  for  which  no  justification  sequeuce  exists  is  called  an  invalid 
state.  Given  a  fault  F.  the  State  Transition  Graph  of  the  machine 
with  the  fault  is  denoted  Gr.  Two  states  in  a  State  Transition 
Graph  G  are  equivalent  if  all  possible  input  sequences  when  the 
machine  is  initially  in  either  of  the  two  states  produce  the  same 
output  response. 

A  State  Transition  Graph  Gi  is  said  to  be  isomorphic  to  an¬ 
other  State  Transition  Graph  Gj  if  aud  only  if  they  are  identical 
except  for  a  renaming  of  states. 

The  fault  model  assumed  is  single  stuck-at.  A  finite  state 
machine  is  assumed  to  be  implemented  by  combinational  logic 
and  feedback  registers.  Tests  are  generated  for  stuck-at  faults  in 
the  combinational  logic  part. 

A  primitive  gate  in  a  network  is  prime  if  none  of  its  inputs  can 
be  removed  without  causing  the  resulting  circuit  to  be  function¬ 
ally  different.  A  gate  is  irrwdundant  if  ita  removal  causes  the 
resulting  circuit  to  be  functionally  different.  A  gate-level  circuit 
is  said  to  be  prime  if  all  the  gates  are  prime  aud  irredundant 
if  all  the  gates  are  irredundant.  It  can  be  shown  that  a  gate-level 
circuit  is  prime  and  irredundant  if  and  only  if  it  is  100%  testable 
far  all  tingle  stuck-at  faults. 

We  differentiate  between  two  kinds  of  redundancies  in  a  se¬ 
quential  circuit.  If  the  effect  of  the  fault  cannot  be  observed  at 
the  primary  outputs  or  the  next  state  lines,  beginning  from  any 


state,  with  any  input  vertoi.  the  fault  is  deemed  combination- 
ally  redundant.  A  sequentially  redundant  fault  is  a  fault 
that  cauuot  be  detected  by  any  input  sequence  and  is  not  combi¬ 
national!  v  redundant. 

To  detect  a  fault  iu  a  sequential  machine,  the  machine  ha*  to  be 
placed  iu  a  state  which  can  then  excite  aud  propagate  the  effect 
of  the  fault  to  the  primary  outputs.  The  first  step  of  reaching  the 
state  iu  question  is  called  state  justification.  Tlie  second  step 
is  called  fault  excitation-and-propagation. 

An  edge  in  a  State  Transition  Graph  of  a  machine  is  said  to  be 
corrupted  by  a  fault  if  either  the  fauout  state  or  output  label  of 
this  edge  is  changed  because  of  the  existence  of  the  fault.  A  path 
in  a  State  Transition  Graph  is  said  to  be  corrupted  if  at  least  one 
edge  in  the  path  has  been  corrupted. 

A  multiple  F-type  fault  for  a  line  L.  (which  is  the  output  of 
a  gate  and  not  a  primary  output),  in  a  combinational  network 
corresponds  to  a  multiple  fault  rouditiou  on  the  fauout  branches 
of  line  L.  The  multiple  fault  depends  ou  the  types  of  gates  that 
L  feeds  into.  For  example,  if  a  line  Zi  has  three  fauout  branches 
n.  6.  c.  that  feed  into  AND.  OB.  AND  gates  respectively,  then 
the  multiple  F-fvpe  fault  for  L\  is  a  stuck-at-1.  b  stuck  at-0  aud 
c  stuck-at-1.  If  the  multiple  F-type  fault  for  a  hue  is  redundant, 
it  means  that  the  hue  (aud  all  its  fauout  branches)  can  be  bodih 
removed. 

3  Origin  of  Redundant  Faults  in  Sequen¬ 
tial  Circuits 

There  are  two  classes  of  redundant  faults  in  a  sequential  riicuu. 
namely,  combiuatioually  aud  sequentially  redundant  faults  Coin 
binatioually  redundant  faults  (C££s)  are  due  to  the  piesenre  of 
lines/wiros  in  the  logic  circuit  that  do  not  contribute  to  the  pn 
mary  output  or  the  next  state  functions.  Replacement  of  the- 
hues  by  constants  will  not  change  the  fuuctiouahtv  of  the  comb: 
national  logic  iu  the  sequential  circuit.  CRF s  cauuot  be  detected 
eveu  if  all  the  memory  elements  of  the  sequential  circuit  are  made 
scauuabie.  Sequentially  redundant  faults  [SRF<~).  on  the  othn 
hand,  are  related  to  the  temporal  characteristics  of  the  sequential 
circuit.  Although  SRF s  alter  the  combinational  logic  function  of 
the  circuit  and  hence  the  State  Tfausitiou  Graph  (STG)  repre¬ 
senting  the  sequential  circuit,  they  cannot  be  detected  without 
inakiiiR  some  of  the  latches  scauuabie. 

We  now  provide  a  definition  of  sequentially  redundant  faults. 

1.  Au  equivalent- SB F  is  a  fault  which  causes  oulv  iuterchange 
and/or  creation  of  equivalent  states  in  the  STG  of  the  finite 
state  machine. 

2.  An  iuvalid-SRF  does  not  corrupt  auy  fauout  edge  of  a  valid 
state  reachable  from  the  reset  state. 

3.  An  isomorph- SR F  transforms  the  original  machine  isouior- 
plucaily.  i.e.  the  faulty  marhiue  is  equivalent  to  the  good 
machine  but  with  a  different  encoding.  (There  exists  au  iso 
morphism  between  the  original  and  the  faulty  machine.) 

We  will  wie  an  example  to  illustrate  the  existence  of  sequentially 
redundant  faults. 

The  State  Transition  Graph  (STG)  of  a  finite  state  machine  is 
•hown  in  Figure  1.  The  machine  has  5  state*  and  the  states 
010  and  110  are  equivalent.  The  logic  implementation  of  the 
combinational  part  of  the  machine  i*  shown  in  Figure  2.  The 
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Figure  1:  Original  Finite  State  Machine 
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Figure  2:  Combinational  Logic  of  FSM 


Figure  3:  Fault'  FSM  with  wl  s-a-0 


Figure  4:  Faulty  FSM  with  w2  s-a-I 


Figure  5:  Faulty  FSM  with  an  isomorpli-SRF 

fault  trl  6tuck-at-0  (s-a-0)  changes  the  original  STG  to  the  one 
shown  in  Figure  3.  The  corrupted  edge  is  shown  via  a  dotted  hue. 
Since  010  and  110  are  equivalent  states  in  the  original  STG.  the 
fault  u’l  s-a-0  only  causes  an  interchange  of  two  equivalent  state? 
of  the  machine  and  is  therefore  sequentially  redundant.  The  fault 
ti-2  s-a-1  changes  the  machine  to  the  one  shown  in  Figure  4.  The 
fault  creates  an  extra  state  111.  that  was  originally  an  invalid 
state  which  is  equivalent  to  the  true  6tate  110.  Therefore  the 
fault  ti'2  is  also  sequentially  redundant.  The  corrupted  edge  is 
shown  in  dotted  hues  and  the  added  edges  shown  in  dashed  hues. 

If  the  detection  of  a  fault  in  the  combinational  logic  requires 
the  machine  to  be  brought  to  an  invalid  state  (e.g.  101).  then 
the  fault  is  an  iuvalid-SRF.  An  isomorph-SRF  may  change  the 
original  machine  to  the  one  shown  in  Figure  5.  Note  that  the 
faulty  machine  represents  an  equivalent  machine  with  a  different 
encoding.  The  encoding-  for  the  states  000  and  001  in  the  original 
machine  have  been  swapjted.  An  isomorphism  exists  between  the 
original  and  the  faulty  machine. 

Theorem  3.1  :  A  reilunilant  fault  tn  a  finite  Mate  machine  is 
either  a  CPF  or  an  equivalent- SPF  or  an  mvalid-SPF  or  an 
ifomorji/i-SPF. 

Proof  (by  contradiction):  Assume  a  fault.  F.  is  a  redundant  fault 
but  not  a  CPF  or  equivaleut-SRF  or  iuvalid-SRF  or  isomorph- 
SRF.  Since  F  is  not  a  CPF  or  an  invalid-SRF.  there  must  be 
an  input  sequence,  beginning  from  the  reset  state,  that  will  bring 
the  machine  to  a  state  that  can  excite  the  fault  and  propagate 
its  effect  at  least  to  some  of  the  next  state  hues.  Since  F  is 
not  an  equivaleut-SRF  or  an  isomorph-SRF.  the  fault  effect  on 
the  next  state  lines  will  not  cause  an  interchange  or  creation  of 
equivalent  states  or  an  isomorphic  mapping  of  states.  This  means 
the  good  state  and  the  faulty  state  can  be  differentiated  by  a 
propagation  sequence,  i.e.  the  fault  effect  is  propagated  to  the 
primary  outputs,  which  means  that  the  fault  is  testable.  Q.E.D. 

Theorem  3.1  guarantees  that  a  fully  testable  finite  6tate  ma¬ 
chine  results  if  we  ensure  that  none  of  these  4  kinds  of  redundan¬ 
cies  described  above  exist  in  the  synthesized  machine.  Steps  in 
our  synthesis  procedure  are  designed  to  achieve  this  goal. 

4  Irredundant  Fully  Testable  Sequential 
Machines 

A  general  model  for  a  Mealy  taite  state  machine  is  shown  in 
Figure  C.  It  is  realized  by  a  combinational  logic  block,  which  im¬ 
plements  the  output  and  next  state  logic  functions,  and  feedback 
registers.  The  Moore  machine  ran  be  viewed  as  a  special  case  of 
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Figure  6:  Geueral  Sequential  Machine  Model 

a  Mealy  machine,  where  the  outputs  depend  only  on  the  present 
state  of  the  machine. 

We  first  describe  the  optimal  synthesis  procedure  in  Section  4.1. 
In  Section  4.2.  we  prove  that  the  resulting  machine  has  no  CRTs, 
iuvalid-SRFs  or  isomorph-SRFs.  Experimental  results  indicate 
that  the  machine  has  very  few  redundancies.  In  Section  4.3.  we 
present  a  modified  synthesis  procedure  using  extended  don't  care 
sets  in  repeated  combinational  logic  minimization  which  ensures 
that  equivalent-SRFs  do  not  exist  in  the  synthesized  machine. 
The  synthesized  machine  is  thus  made  fully  testable.  In  Section 
-1.4.  we  briefly  discuss  how  finite  automata  represented  at  the 
truth  table  or  at  the  logic-level  can  be  made  fully  testable. 

4.1  The  Synthesis  Procedure 

The  procedure  consists  of  the  steps  of  state  minimization,  state 
assignment  and  combinational  logic  optimization  These  steps  are 
described  in  the  sequel. 

1.  State  Minimization:  Given  an  original  State  Transition 
Graph  specification  G°  we  obtain  a  state  minimum  repre¬ 
sentation.  G‘w.  using  algorithms  similar  to  those  proposed 
iu  [14].  Ghl  has  A",  valid  states  and  satisfies  the  property 
that  no  two  states  are  equivalent.  State  minimization  for 
completely  specified  State  Trausiricu  Graphs  can  be  accom¬ 
plished  in  0(Alog{  A'))  time  where  A  is  the  number  of  states 
in  the  machine,  but  is  NP-complete  for  incompletely  specified 
machines. 

2.  State  Assignment:  We  encode  the  states  in  GM ,  namely 
Q.  The  number  of  encoding  bits  As  can  be  arbitrarily  large 
(As  >  logzdlQHl).  State  assignment  algorithms  like  those 
in  [13]  and  [T]  can  be  used,  which  find  a  state  assignment 
that  heuristically  minimizes  the  area  of  the  combinational 
network  after  optimization.  However,  the  state  assignment 
algorithm  mar  have  to  explore  a  certain  number  of  possible 
•tale  assignments  in  order  to  ensure  a  locally  optimal  solution 
(see  Definition  4.2). 

3.  Combinational  Logic  Optimisation:  Given  the  encoded 
machine,  which  it  now  a  combinational  logic  specification,  we 
synthesize  a  prime  and  irred undent  combinational  logic  net¬ 
work  which  implements  both  the  next  state  logic  and  output 
logic  functions.  The  transitions  from  the  nnnsed  state  codes, 


are  used  as  don't  cares  during  the  minimization.  The  um¬ 
ber  of  inputs  to  the  network  will  be  A,  4-  A’s  and  the  uumlter 
of  outputs  will  be  A‘<,  4-  AV  Prime  aud  irreduudaut  two-level 
networks  can  be  produced  using  two-level  logic  uiiuimizers 
like  ESPRESSO  [3j.  Prime  and  irreduudaut  multi-level  net¬ 
works  can  be  synthesized  using  techniques  like  those  in  [2]. 
The  multi-level  network  has  to  be  irreduudaut  for  a  certain 
class  of  multiple  stuck-at  faults  as  well  (see  Lemma  4.2). 

We  will  have  A \  latches  in  the  synthesized  sequential  machine 
(denoted  S*1 )  and  2A>  valid  aud  invalid  states  in  the  completely 
specified  State  Transition  Graph  (denoted  G). 

4.2  Correctness  of  Procedure 

We  can  prove  that  the  sequential  machine  synthesized  by  the  pro¬ 
cedure  of  the  previous  section  is  irredundant  for  all  CRFs.  iuvalid- 
SRFs  and  iaomorph-S&Fs. 

The  following  theorem  follows  from  the  definition  of  state  min¬ 
imality.  It  is  given  iu  [11]. 

Theorem  4.1  :  Gitiett  a  state  minimized  (reduced)  machine  M 
with  A,  states,  no  machine  with  fewer  stale s  can  realize  the  fame 
terminal  behavior.  A  iso.  any  machine  with  the  name  number  of 
states  that  realizes  the  fame  behavior  has  to  be  M  or  isomorphic 
to  Al. 

We  now  show  that  stuck-at  faults  cannot  produce  a  faulty  State 
Transition  Graph  that  is  isomorphic  to  the  true  State  Transition 
Graph  if  the  combinational  logic  implementing  the  next  state  and 
output  logic  functions  is  two-level,  prime  and  irreduudaut.  Iso¬ 
morphic  faulty  and  true  State  Transition  Graphs  imply  that  the 
fault  has  no  other  effect  than  interchanging  the  codes  of  the  states 
of  the  machine. 

The  proof  of  this  lemma  ran  be  found  in  Appendix  A. 

Lemma  4.1  :  Stuck-at  fault.*  on  the  primary  input  (PI),  primary 
output  (PO).  present  state  (PS)  and  next  state  (NS)  lines  cannot 
produce  a  faulty  State  Transition  Graph  Gr  that  is  isomorjihtc  to 
G. 

Definition  4.1  ;  A  multi-level  network  is  inversion-parity  in¬ 
variant  if  for  any  fault  in  the  network,  other  than  on  the  primary 
input  lines,  the  parity  of  inversions  is  the  same  (either  odd  or 
even)  for  all  paths  to  the  primary  outputs. 

Note  that  any  two-level  network  is  inversion-parity  invariant. 
Also,  networks  that  are  synthesized  by  algebraic  factorization 
from  two-level  networks  are  also  inversion-parity  invariant. 

Theorem  4.2  :  If  the  two-level  combinational  circuit  implement¬ 
ing  the  next  state  and  output  logic  functions  is  prime  and  irredun¬ 
dant,  then  any  fault  F  in  the  circuit  cannot  produce  a  GF  that  it 
isomorphic  to  G.  Also,  if  a  prime  and  irredundant  multi-level  cir¬ 
cuit  it  synthesised  such  that  it  is  emersion-parity  invariant,  then 
any  fault  F  m  the  ctreuif  cannot  produce  a  Gr  that  is  isomorphic 
to  G. 

Proof:  By  Lemma  4.1,  we  need  mot  consider  faults  on  the  PI 
and  PS  lines.  In  a  two-level  network,  faults  on  the  intermediate 
lines  and  outputs,  have  the  ptopertv  that  they  either  produce 
a  D  or  a  Tf  at  the  outputs  of  the  network,  uniformly  for  all  test 
vectors  that  detect  the  fault.  Isomorphism  implies  an  interchange 
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of  codes  of  multiple  states.  Without  loss  of  generality,  assume  a 
two-way  swap,  between  the  codes  of  91 .  92  6  G  to  produce  Gr 
isomorphic  to  G.  Au  edge  <1  exists  from  some  state  si  that  goes 
to  92  to  GF  instead  of  91  in  G.  Similarly,  an  edge  <2  from  some 
state  fi.  that  goes  to  91  in  Gr  instead  of  92  in  G  exists.  In  the 
combinational  sense,  if  1 (  produces  a  D  at  some  next  state  line 
where  91  and  92  differ.  #2  has  to  produce  a  7  at  that  line.  This 
is  not  possible  in  a  two-level  net  work  for  faults  on  intermediate 
lines  and/or  outputs.  Therefore,  isomorphism  cannot  occur. 

The  same  argument  holds  for  a  inversion-parity  invariant,  prime 
and  irredundaut.  multi-level  network.  Q.E.D. 

In  a  general  multi-level  network,  however,  the  faults  in  the  in¬ 
termediate  lines  may  produce  both  a  D  as  well  as  a  "D  at  any 
particular  output,  due  to  recouvergeut  fanout  paths  with  differ  - 
iug  numbers  of  inversions.  The  arguments  of  Theorem  4.2  do  not 
hold,  when  Boolean  operations  are  used  in  multi-level  combina¬ 
tional  logic  synthesis. 

The  proof  of  the  following  lemma  can  be  found  in  Appendix 

B.  A  multi-level  network  can  be  m.  prime  and  irredundaut  for 
multiple  stuck-at  faults  via  the  procedure  of  (2). 

Lemma  4.2  .  7/  a  prime  and  «m edundant  multi-level  network 

C.  with  m  outputs  and  asserting  all  2"'  output  combinations,  is 
irredundant  for  multiple  F-  type  faults  for  eack  line  in  the  network 
that  is  the  output  of  a  gate  and  not  a  primary  output,  then  for 
any  single  stuck-at  fault.  F .  in  C.  there  will  exist  au  input  vector 
pair  (i|.  12)  such  that  i f  is  a  lest  vector  for  the  fault  and  ij  is 
not.  and  ij  produces  the  same  output  in  CF  as  12  does  in  C. 

Using  Lemma  4.2.  we  can  prove  the  following  theorem,  that 
restricts  the  occurrence  of  isomorphism  in  sequential  machines, 
implemented  by  prime  and  irredundaut  multi-level  networks  that 
are  also  irredundaut  for  multiple  F-type  faults  in  the  netwoik.  Q 
denotes  the  set  of  states  in  Gw. 

Theorem  4.3  :  If  a  set  of  states  Qi  €  Q  is  such  that  each  state 
in  Q 1  has  the  property  that  its  fanout  edges  assert  distinct  outputs 
from  all  other  states  in  Q  or  has  fanout  next  states  in  Q  -  Qj. 
which  are  distinct  from  the  fanout  states  of  all  other  states  m 
Q.  or  possesses  distinct  combinations  of  outputs  and  fanout  next 
states,  then  a  faidt  cannot  produce  an  isomorjihic  machine  causing 
only  interchange  of  states  within  Q  / . 

Proof:  We  will  first  prove  the  case  of  ||Q;||  =  2  and  where  fanout 
edges  from  state  S|  assert  a  set  of  distinct  outputs  Oj  and  fanout 
edges  from  the  second  state  S2  assert  a  set  of  distiuct  outputs 
Oj.  Assume  there  exists  a  fault  F  that  produces  au  isomorphism 
between  these  states.  In  the  isomorph  GF.  fanout  edges  from  Si 
(,«2 1  will  assert  03  (0 1 ).  However,  by  Lemma  4.2.  au  uncorrupted 
edge  assertiug  some  o  f  0|  or  o  €  Oj  has  to  exist  in  GF .  This 
edge  can  only  come  from  S]  or  s3.  respectively.  This  means  that 
in  the  faulty  machine,  either  *1  or  *2  asserts  outputs  from  both  Ot 
and  Oj.  implying  that  GF  is  not  isomorphic  to  G.  The  argument 
is  easily  generalised  to  ||Q;||  >  2. 

A  similar  argument  ran  be  made  for  states  *■ ,  #2  with  distinct 
next  state  fanouts  or  distinct  combinations  of  outputs  and  next 
state  fanouts.  Q.E.D. 

Thus,  a  sequential  machine  with  a  Gw  where  all  states  possess 
distinct  combinations  of  outputs  and  fanout  states  cannot  have 
faults  that  cause  isomorphism,  whether  the  combinational  logic 
is  implemented  in  two- level  or  general  multi-level  form. 


Definition  4.2  .  A  state  assignment  of  G*1  is  deemed  to  be  lo¬ 
cally  optimal  with  respect  to  a  subset  of  slates  Qi  €  GA(.  if 
interchanging  the  codes  oj  96  Q 1  does  not  produce,  after  opti¬ 
mization.  a  logic  implementation  that  ta  exactly  the  same  as  the 
previous  one.  except  with  one  less  literal. 

The  state  assignment  is  locally  rather  than  globally  optimal  in 
the  sense  that  interchanging  the  code  of  91  €  Qi  with  qj  (  Qi 
could  produce  a  bettei  logic  implementation.  In  a  multi  level 
implementation,  if  there  exist  states  in  G*1  that  do  not  satisfy 
the  condition  of  Theorem  4.3.  then  in  order  to  ensure  that  a 
redundant  fault  does  not  cause  isomorphism,  the  state  assignment 
of  GAI  has  to  be  locally  optimal  with  respect  to  interchanging  the 
codes  of  these  states.  For  a  two-level  implementation,  any  state 
assignment  is  locally  optimal,  with  respect  to  all  states  in  Gw. 

Theorem  4.4  :  If  GA)  contains  2'*  valid  states  where  .Y( ,  is  the 
number  of  latches  in  SA( .  SAI  is  fully  testable,  if  the  prime  and 
irredundant  combinational  network  is  implemented  ttt  two-lew  I 
form,  or  if  a  locally  optimal  state  assignment  has  been  found,  as 
per  Definition  4.2.  across  all  states  that  do  not  satisfy  the  condi¬ 
tion  of  Theorem  4.3. 

Proof:  No  fault  in  the  machine  can  result  in  au  increase  in  the 
number  of  states,  since  the  true  machine  has  the  maximum  possi 
ble  number  of  slates,  namely  2'v‘’.  Since  GXI  is  reduced,  we  know 
that  no  machine  with  fewer  than  2'‘  states  can  realize  the  be- 
liavrot  of  GA/ .  All  faults  are  rotnbinatioually  irredundant.  since 
the  combinational  logic  is  prime  and  ineduudant.  Foi  a  com1’! 
nationally  irredundaut  faidt  F  to  be  sequential)!-  redundant,  tie 
faulty  machine  Gr  has  to  be  isomorphic  to  the  ti vie  machine  G 
By  Theorem  4  2  this  is  not  possible  in  a  two-level  implements 
tion.  In  a  mull, -level  implementation,  if  Gr  is  isomorphic  to  C. 
the  sets  of  states  satisfying  the  condition  of  Tlieoiem  -1.3  carino' 
be  involved  in  the  isomorphism.  If  isomorphism  occurs  due  to  F. 
it  has  to  involve  a  set  of  states.  Qi ■  not  satisfying  the  condition 
of  Theorem  4.3.  The  isomorphism  produces  a  Gr  equivalent  to 
G.  with  a  better  implementation  (after  optimization)  than  that 
of  G  (with  at  least  one  less  line).  However,  this  contiacbcts  the 
fart  that  the  initial  state  assignment  for  G A/  that  produced  G  is 
locally  optimal  under  the  exchange)  s)  of  the  codes  of  states  in  Q  /. 
Therefore.  5A*  is  fully  testable.  Q.E.D. 

The  above  theorem  is  quire  a  strong  result.  Given  a  State  Tran¬ 
sition  Graph  GAf.  if  extra  states  ran  lie  added  to  G*1  such  that 
the  resulting  graph  Gsl'  is  reduced  aud  has  2"  states,  then  the 
synthesized  machine  5M<  is  guaranteed  to  Ire  fully  testable,  pro¬ 
vided  the  state  assignment  is  locally  optimal.  Of  course,  adding 
the  extra  states  aud  edges  to  GA/  constitutes  an  area  overhead.  If 
Ga/  has  less  than  2N*  states,  the  unused  state  codes  can  Ire  used 
as  don't  care  states  to  minimize  the  combinational  specification. 

The  proof  of  this  lemma  cau  be  found  iu  Appendix  C. 

Lemma  4.3  :  Au  invalid  state  tn  the  State  Transition  Graph  is 
never  required  to  detect  a  fault  m  SA/. 

We  now  use  the  preceding  results  to  prove  the  partial  ineduu- 
daury  theorem  for  machines  whose  G*1  has  K,  <  2N*  states. 

Theorem  4.3  :  The  sequential  machine  SA/  produced  by  the  syn¬ 
thesis  procedure  may  contain  only  equivalent -SHFs. 
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Proof.  By  Lemma  4.3,  uo  iuvalid-SRFs  cau  exist.  By  Theorem 

4.2.  if  SKI  is  implemented  as  a  two- level  network,  no  isomorph- 
SBFs  can  exist.  If  S*1  is  implemented  as  a  multi-level  network, 
then  a  locally  optimal  state  assignment  as  per  Definition  4.2, 
across  all  states  that  do  not  satisfy  the  condition  of  Theorem 

4.3.  is  found  This  guarautees  that  no  isomorph-SRFs  will  exi«t 

S'1  does  not  contain  any  CRFs.  Therefore,  by  Theorem  3.1.  only 
equivaleut-SRFs  can  exist.  Q.E.D. 

4.3  Eliminating  Redundancies  Via  Extended  Don’t 
Care  Sets 

In  this  section,  we  show  how  the  testability  of  the  synthesized  ma¬ 
chine  S  v  cau  be  increased  by  removing  possible  equivaleut-SRFs 
through  succeeding  logic  minimization  steps,  without  explicitly 
identifying  these  redundancies.  Redundancies  are  identified  and 
removed  implicitly  via  the  use  of  extended  don't  care  sets. 

A  simple  equivalent-SRF  was  illustrated  in  Figure  4  (Section  3). 
We  have  a  situation  where  an  invalid  state  q  has  identical  fanout 
and  hence  is  equivalent  to  some  valid  state  iq  ■  An  edge  from  t’j 
to  iq  is  corrupted  to  go  to  q.  F  only  corrupts  one  edge  in  the 
State  Transition  Graph  and  propagates  only  one  time-frame.  In 
the  general  rase,  a  equivalent-SRF  cau  propagate  multiple  time¬ 
frames.  when  the  invalid  state  q  is  equivalent  to  the  true  valid 
state  iq.  but  does  not  have  identical  fanout. 

These  redundancies  are  likely  to  occur,  especially  if  a  large 
number  of  unused  state  codes  exist.  These  redundancies  occur 
because  current  state  assignment  algorithms  do  not  use  the  free¬ 
dom  of  state  splitting  (Section  j).  so  as  to  obtain  an  optimal  so¬ 
lution.  It  is  very  difficult  to  extend  state  assignment  algorithms 
in  this  direction  and  hence  we  ensure  irrednndaury  by  specify¬ 
ing  an  extended  don't  care  set  in  a  repeated  logic  minimization 
procedure. 

1.  State  assignment  and  logic  optimization  are  performed  as 
before,  with  logic  optimization  using  the  invalid  states  as 
don't  cares. 

2.  Given  the  prime  and  irreduudaut  logic  network,  the  State 
Transition  Graph.  G.  corresponding  to  the  network  is  ex¬ 
tracted.  All  invalid  states  tc  e  G  that  are  equivalent  to  valid 
states  r  €  G  are  found.  It  should  be  noted  that  G  is  a  com¬ 
pletely  specified  combinational  logic  function,  corresponding 
to  an  encoded  State  Transition  Graph. 

3.  Given  a  valid  state  iq .  valid  states  cj.  t‘3. ..  r/  that  are  equiv¬ 
alent  to  r,  and  invalid  states  >"<  iiq.  ..  ’<•/>  that  are  equiva¬ 
lent  to  tv  then  the  fauiu  of  iq  is  re-specified  as  n(/otiin(tq)) 
=  DC( tq.  rj...  iq.,  ttq .  tfj.  .. » rgy  )■  DC( )  implies  that  any 
(but  at  least  one)  of  the  enclosed  state  entries  cau  be  used. 
In  practice,  if  tq  and  some  or  all  of  the  i 1>*,  1  <  k  <  A'  cau 
be  merged  into  a  single  cube.  c.  then  every  occurrence  of  tq 
in  the  next  state  field  of  G  is  replaced  by  c.  1  G  with  this 
extended  don't  care  aet  is  nude  prime  and  itTed undent  via 
logic  minimization  to  produce  G1.  This  may  make  a  previ¬ 
ously  invalid  state  valid. 

4.  C  mar  have  some  invalid  states,  which  could  be  different 
from  the  invalid  states  in  G.  These  invalid  state  codes  are 

'If  Ike  code*  caaaot  be  merged  isio  •  siagle  cube,  we  kaee  a  Boolean 
relation  (4)  corresponding  lo  Ike  permissible  next  Mate*  of  ike  edge  and  tke 
combinational  logic  kas  to  be  optimiied  with  respect  to  this  Boolean  relation 


used  as  don't  cares  and  G'  is  made  prime  and  irreduudaut 
under  this  new  don't  care  set  to  produce  G". 

5.  If  G'  =  G",  exit.  Else  G  •—  G".  go  to  Step  2. 

In  the  first  iteration,  there  will  not  be  valid  states  tq.  ..  rL  that 
are  equivalent  to  any  iq.  since  we  begin  with  a  reduced  machine 
However,  after  Step  3  above,  some  invalid  states  that  are  equiva¬ 
lent  to  tq  may  become  valid. 


Theorem  4.6  ;  The  procedure  above  converges,  and  the  resulting 
machine  after  convergence  will  not  have  any  simple  equivaleut- 
SRFs.  invalid-SRFs  or  isomorph-SRFr. 

Proof:  The  procedure  converges  when  succeeding  logic  minimize 
tions  have  produced  the  same  result.  Each  logic  minimization 
starts  with  the  result  of  the  previous  logic  minimization.  Ad¬ 
ditional  don't  cares  are  provided.  We  are  guaranteed  that  the 
overall  cost  fnnetion  (e.g.  the  number  of  hues  in  the  uetwork  I  has 
a  finite  decrease  if  the  logic  function  is  altered.  Since  the  cost 
function  is  bounded  from  below,  the  sequence  of  logic  minimiza¬ 
tions  must  eventually  converge,  and  on  the  last  call,  return  an 
unchanged  network. »/.  No  isomorph-SRFs  will  exist  in  the  prime 
and  irreduudaut  uetwork  >/  by  Theorem  4.2  and  Theorem  4.3 
Since  the  invalid  states  have  been  used  as  don't  cares  to  produce 
1/  and  the  network  is  unchanged  since  then  (even  though  addi 
tioual  minimizations  may  have  been  performed),  uo  invalid  s!! F 
can  exist. 

Finally,  using  the  don't  rare  sets  corresponding  to  the  equi\.i 
lent  states,  ensures  that  for  each  fault  F  thcie  will  exist  at  j< 
one  corrupted  edge  that  goes  to  a  state.  qr.  that  is  not  equivalent 
to  the  true  next  state,  q.  in  the  true  machine  G.  regardless  of 
whether  the  </  is  invalid  or  valid,  t/  is  unchanged  since  the  u‘c  of 
the  invalid  states  as  don't  cares,  so  an  edge  fanning  out  of  a  valid 
state  has  to  exist  with  this  property.  qF  6  GF  lias  to  become 
equivalent  to  q  €  G  foi  F  to  be  redundant,  but  that  would  mean 
that  F  is  not  a  simple  equivalent-SRF  Therefore.  F  is  testable 
or  not  a  simple  equivalent-SRF.  Q.E.D. 

More  complicated  equivaleut-SRFs  may  exist,  though  expen- 
mental  evidence  indicates  that  this  is  extremely  rare.  In  fart,  we 
have  yet  to  encounter  a  single  rase  of  an  equivalent-SRF  that  is 
uot  of  the  form  of  the  SRF  of  Figure  4  These  redundancies  roi- 
respond  to  the  case,  where  qF  6  G  is  uot  equivalent  to  q  €  G 
but  qF  6  Gf  becomes  equivalent  to  q  €  G.  making  F  redundant. 

A  larger  set  of  dou't  cares  ran  ensure  that  these  equivaleut-SRFs 
do  uot  occur  in  the  machine.  The  synthesis  procedure  described 
above  is  unchanged  except  for  introducing  an  additional  don't 
care  set  in  Step  3  where  G'  is  produced,  as  described  below. 

Step  3b:  Given  a  state  y?  that  is  not  equivalent  to  a  valid  state 
Vi .  the  set  of  input  combinations  in<(«i  -  yj  I  are  found  which  make 
this  pair  not  equivalent.  If  y2  were  equivalent  to  y,  then  i„  =  o. 

The  don't  care  specification  is  n(/«ni»(yi ))  =  DC{q\ .  qt ).  with 
a  constraint  ou  a  subset  of  fanout  edges  of  yj  if  ft  is  picked  rather 
tliau  ft.  The  constraint  for  a  single  cycle  propagation  is  that 

0(*iw(ft>  ft).  ft)  =  4iiw(ft.  ft),  ft)  A  *(»i»(ft.  ft),  ft)  =  n(<m(yi.  vr).  yi  1 

This  aet  of  don't  cares  and  associated  constraints  are  found 
for  the  different  state  pairs  that  are  not  equivalent.  Optimal  use 
of  these  don’t  cares  and  associated  constraints,  generalized  to 
multiple-cycle  propagation,  ensures  full  testability. 
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Theorem  4.7  :  Using  the  additional  don't  care  set  in  the  syn¬ 
thesis  procedure  will  result  m  a  fully  testable  machine. 

Proof:  By  Theorem  4.6.  no  simple  equivaleut-SRFs,  invalid-SRFs 
or  isomorph-SRFs  will  exist  in  the  machine.  Using  the  additional 
don't  cares  will  ensure  that  there  will  always  be  an  edge  from  a 
valid  state  that  is  corrupted  to  qF  instead  of  q  such  that  qF  £ 
G  ±  q  £  G  and  qF  £  GF  ^  q  €  G.  Therefore.  Gr  and  G  can 
be  differentiated  by  distinguishing  qF  and  q  and  F  is  testable. 
Q.E.D. 

The  enhanced  procedure  will  remove  all  equivaleut-SRFs  in  the 
machine  which  has  been  synthesized  as  described  in  the  previous 
section.  In  practice,  only  the  simple  don't  cares  of  Step  3  suffice 
to  ensure  full  testability,  allowing  a  locally  optimal  solution  with 
no  redundancies  to  be  reached:  the  more  complicated  don’t  cares 
of  Step  3b  are  not  required.  That  is  fortunate,  since  current  logic 
optimization  programs  are  quite  restricted  in  the  specification  and 
optimal  usage  of  don't  cares. 

The  procedure  is  quite  CPU-intensive  since  repeated  combina¬ 
tional  logic  minimizations  have  to  be  performed.  Experimental 
results  (Section  C)  indicate  that  the  machine  prior  to  using  the 
extended  don't  care  sets  is  highly  testable,  and  in  some  cases, 
fully  testable.  Removing  the  few  redundancies  can  be  rfom- 
plislied  using  reasonable  amounts  of  CPU  time.  The  fact  that 
a  network  has  to  repeatedly  be  made  prime  and  irredundant  in 
order  to  ensure  full  testability  for  a  sequential  circuit,  indicates 
that  synthesizing  irredundant  sequential  circuits  is  more  difficult 
than  synthesizing  irredundant  combinational  circuits. 

4.4  Synthesis  from  Logic-Level  Descriptions 

In  this  section,  we  describe  how  complete  or  partial  re-synthesis  of 
logic-level  circuits  can  be  performed  so  as  to  ensure  irredundant 
sequential  machines.  Given  a  combinational  specification  of  a 
circuit  in  the  form  of  a  truth  table,  i.e.  a  previously  encoded  finite 
state  machine,  the  following  steps  are  performed  in  re-synthesis. 
The  combinational  specification  has  .V,  +  ,Vt  inputs  and  h'0  +  As 
outputs,  where  A't  is  the  number' of  encoding  bits  used  (latches) 
in  the  state  assignment  process. 

1.  The  combinational  specification  is  made  disjoint  in  the 
present  state  field  (the  last  As  inputs).  A  cube  entry  in  the 
field  is  identical  to  another  cube  entry  or  does  not  intersect 
it.  A  two-level  cover  ran  be  made  disjoint  using  the  disjoint 
SHARP  operation  in  [3]. 

2.  The  specification  is  now  treated  as  a  State  Transition  Table, 
with  each  distinct  entry  in  the  present  state  and  next  state 
field  representing  a  distinct  state.  If  some  states  cannot  be 
reached  from  the  reset  state  (invalid  states),  they  are  deleted 
from  the  description.  The  State  Table  is  now  state  mini¬ 
mized.  Some  states  (represented  by  cubes  or  mintenns)  may 
be  removed  because  of  being  equivalent  to  other  states. 

3.  The  encoded  State  Transition  Table  represents  a  combina¬ 
tional  logic  specification  that  can  be  made  prime  and  irre¬ 
dundant.  A  fully  testable  machine  can  be  synthesized  via 
the  procedures  of  Section  4.2  and  4.3. 

The  re-synthesis  procedure  can  be  extended  to  begin  from  a 
logic-level  description.  In  this  rase,  the  State  TVarrition  Graph 
of  the  machine  is  extracted  using  the  efficient  cube-enumeration 
techniques  presented  in  [Gj.  Given  this  (encoded )  State  Transition 
Graph.  Steps  1-3  described  above  are  carried  out  as  before. 


5  Effect  of  Redundancy  Removal  via 
Logic  Minimization  on  State  Encoding 

If  a  combinationally  redundant  hue  is  removed  from  a  logic  net¬ 
work  (i.e.  replaced  with  a  0  or  a  1 ).  network  functionality  remains 
unchanged.  Similarly,  when  a  sequentially  redundant  but  combi- 
natioually  irredundant  hue  is  removed  from  a  sequential  machine, 
the  terminal  behavior  of  the  machine  remains  unchanged.  How¬ 
ever.  the  State  Transition  Graph  of  the  machine,  and  the  state 
encoding  are  affected  by  redundancy  removal  via  repeated  logic 
minimization. 

Two  things  may  happen  during  redundancy  removal: 

1.  A  state  may  be  added  to  the  State  Transition  Graph,  which 
is  equivalent  to  some  other  valid  state.  An  edge  is  redirected 
from  some  valid  state  to  this  originally  invalid  state. 

2.  A  valid  state  may  be  replaced  by  an  originally  invalid  state. 
In  effect,  the  encoding  of  a  symbolic  state  is  chauged. 

The  occurrence  of  the  first  effect  is  due  to  the  fact  that  state 
assignment  is  performed  on  a  state  minimized  Graph.  It  is  well 
known  [10]  that  state  splitting  may  be  required  for  an  optimal 
6tate  assignment.  Unfortunately,  the  state  assignment  problem 
is  difficult  enough,  without  adding  the  extra  degree  of  freedom 
of  being  able  to  split  states.  The  faulty,  but  equivalent.  State 
Graph  corresponds  to  a  "'better''  state  assignment  with  (at  least) 
one  state  split  into  two  (or  more)  components. 

The  occurrence  of  the  second  effect  is  due  to  a  state  assign¬ 
ment  that  is  not  locally  optimal  for  the  reduced  State  Graph,  even 
without  the  addition  of  extra  states  As  mentioned  in  Section  4.2. 
when  a  machine  has  a  two-level  combinational  logic  implementa¬ 
tion.  any  state  assignment  is  locally  optimal  with  respect  to  all 
the  used  state  codes.  However,  the  state  assignment  may  be  sub- 
optimal  when  considering  the  invalid  or  unused  state  codes.  In 
the  multi-level  case  too.  a  state  assignment  that  is  locally  optimal 
under  the  valid  (used)  state  codes  may  be  sub-optimal  when  con 
sidering  the  invalid  (unused)  state  codes.  The  replacement  of  a 
state  code  by  an  unused  state  code  results  in  a  “better"  machine. 

State  assignment  techniques  (e.g.  [7]  [13])  do  not  take  state 
splitting  into  account  in  their  attempt  to  find  locally  ot  globallv 
optimal  solutions.  In  our  experience,  the  occurrence  of  the  first  ef 
feet  is  much  more  frequent.  If  an  optimal  state  assignment  can  be 
fouud  exploiting  the  freedom  of  state  splitting,  then  the  resulting 
logic  implementation  will  be  fully  testable.  Repeated  logic  min¬ 
imization.  as  described  in  Section  4.3.  has  the  effect  of  changing 
a  sub-optimal  state  encoding  to  a  locally  optimal  encoding  that 
corresponds  to  a  fully  testable  machine. 

6  Results 

In  this  section,  we  present  some  preliminary  results  obtained  us¬ 
ing  the  synthesis  procedures  described  in  Section  4.  Intensive 
optimization  is  necessary  to  obtain  fully  testable  designs.  If  this 
optimization  ran  be  carried  out.  then  the  synthesized  machine 
will  occupy  minimal  area.  There  is  no  area/perfonnaace  over¬ 
head  associated  with  this  procedure.  However,  the  CPU  time 
requirements  have  to  be  evaluated. 

Redundancies  can  be  explicitly  removed  via  the  nae  at  test  pat¬ 
tern  generation  algorithms,  to  produce  fully  testable  sequential 
circuits.  However,  redundant  lines  corresponding  to  redundant 
sturk-at  faults  can  only  be  removed  (replaced  with  a  0  or  a  1) 
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#out 
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exl 

2 

2 

6 

24 
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2 
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13 

57 
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20 
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48 
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1 

24 

90 

styr 

9 

10 

30 

165 

kevb 

7 

2 

19 

170 

scf 

27 

54 

128 

168 

Table  1:  Statistics  of  Benchmark  Examples 

one  at  a  time.  Furthermore,  removing  a  redundant  hue  may  in¬ 
troduce  new  redundancies  and  so  all  faults  have  to  be  checked  for 
redundancy  on  each  removal.  We  compare  these  two  techniques 
to  the  synthesis  of  ineduudaut  sequential  circuits. 

We  chose  some  examples  in  the  MCNC  1987  Logic  Synthe¬ 
sis  Workshop  as  test  cases,  whose  statistics  are  given  in  Table 

1.  Beginning  from  a  State  Transition  Graph  description.  G.  the 
following  steps  were  performed  in  the  synthesis  procedure. 

1.  State  Minimization:  The  machines  were  state  minimized. 

2.  State  Assignment:  Binary  codes  were  assigned  to  the 
states  in  G  using  the  program  KISS  [13],  The  encoding  length 
in  some  cases  was  greater  than  the  minimum  required.  The 
codes  were  all  uriutenns.  and  some  minterms  were  not  used. 
The  combinational  logic  specification,  a  truth  table,  after  en¬ 
coding  is  denoted  T. 

3.  Logic  Optimization:  T.  with  all  the  unused  state  codes 
specified  as  don't  cares,  was  optimized  using  ESPRESSO, 
and  algebraically  factored  to  produce  a  multi-level  logic  net¬ 
work  C.  C  was  prime  and  irredundant. 

Tests  were  generated  for  the  resulting  sequential  machine  M 
whose  combinational  logic  is  implemented  by  C.  Test  generation 
was  accomplished  using  the  program  STALLION  [12].  The  num¬ 
ber  of  encoding  bits  used  in  state  assignment  (#lat ).  the  number 
of  gates  in  C  ( #gate)  and  the  fault  coverage  obtained  (fault  cov.) 
by  STALLION  are  given  in  Table  2.  The  CPU  times  for  logic  opti¬ 
mization  (l.o.  time),  test  generation  (TPG  time)  and  the  number 
of  test  sequences  (test  seq.)  generated  are  also  given.  All  the  un¬ 
detected  faults  were  checked  for  redundancy  using  algorithms  in 
STALLION.  The  number  of  reduudaut  faults  (%red.  fault)  and 
the  CPU  time  expended  during  redundancy  identification  (ra. 
time)  and  redundancy  removal  (r.r.  time)  are  given  in  Table  2. 
The  CPU  times  for  state  assignment  and  the  initial  state  mini¬ 
mization  were  negligible  and  are  not  given.  In  the  tables,  s  stands 
for  CPU  seconds  on  a  VAX  11/8050  and  in  for  CPU  minutes.  For 
all  the  cases,  the  machine  produced  is  highly  testable.  The  larger 
examples,  scf  and  planet  which  have  significantly  more  outputs 
than  latches  are  folly  testable. 

The  redundancy  identification  times  in  Table  2  represent  the 
CPU  times  required  to  explicitly  identify  redundant  lines  in  the 
given  circuit.  Explicitly  removing  theee  redundancies  in  order  to 
obtain  a  fully  testable  circuits  requires  considerably  more  CPU 
time  as  indicated  in  Table  2  (r.r.  time).  This  method  is  only- 
feasible  for  small  examples. 
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Table  2:  Synthesis  Procedure  Results 
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Table  3:  Results  using  Extended  Don't  Care  Sets  in  Synthes)- 


The  number  of  test  sequences  generated  for  each  example  is 
Comparable  to  the  number  of  single  rest  vectors  generated  via  a 
Complete  Scan  Design  approach.  However,  each  test  sequence 
has  multiple  test  vectors  (between  1-10)  that  have  to  he  applied 
to  the  PI  hues.  In  the  Sean  Design  case,  each  test  vector  requites 
multiple  clock  cycles  to  be  applied. 

The  examples  of  Table  2  witli  <  lOO'/T  fault  coverage  were  ie- 
synthesized  using  the  extended  don't  care  set  as  described  in  Set  - 
tiou  4.3.  The  CPU  time  to  check  for  equivalence  between  invalid 
and  valid  states  (s.e.  time),  number oflogir  minimizations  (#)ogir 
mini.),  CPU  time  spent  in  logic  minimization  (l.o.  time),  the  fi¬ 
nal  fault  coverage  (fault  cov.)  using  STALLION  and  the  test 
generation  time  (TPG  time)  are  indicated  in  Table  3.  The  CPU 
time  required  for  the  state  equivalence  checks  and  the  extra  logic 
minimization  steps  are  less  than  sequential  test  generation  and 
redundancy  removal  times  (Table  2).  indicating  that  the  optimal 
synthesis  procedure  is  more  efficient  than  an  explicit  redundancy 
identification  method.  Using  the  simple  don't  care;  (Step  3  in 
Section  4.3)  resulted  in  fully  testable  designs  in  all  rases.  We  have 
yet  to  find  an  example  where  this  is  not  the  rase. 


7  Conclusions 

We  have  described  a  synthesis  procedure  that  produces  an  opti¬ 
mised,  fully  testable  logic  implementation  of  a  sequential  machine 
from  a  State  Transition  Graph  description  of  the  znsrhine.  Dur¬ 
ing  synthesis,  possible  redundancies  in  the  machine  are  implicitly 
eliminated  using  state  equivalence  checking  and  combinational 
logic  minimization.  No  direct  access  to  the  memory  elements  is 
required. 

The  optimal  synthesis  procedure  described  involves  the  steps 
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of  stat«  minimization,  state  assignment  and  logic  optimization. 
It  is  applicable  to  Moore  or  Mealy  finite  state  machines.  This 
procedure  lias  no  associated  area/perfonuance  overhead  unlike 
Scan  Design  methodologies.  It  can  be  used  in  conjunction  with 
previous  synthesis  approaches  to  ensure  easily  testable  sequen¬ 
tial  machines.  In  this  case,  test  sequences  which  detect  all  sin¬ 
gle  stuck-at  faults  in  the  sequential  machine  can  be  obtained  via 
combinational  test  generation  and  depth-first  search  on  the  State 
Transition  Graph. 

Ongoing  work  includes  the  generalization  of  these  methods  to 
arbitrary  interconnections  of  finite  state  machines. 

8  Acknowledgements 

The  interesting  discussions  with  Kurt  Keutzer  and  Robert  Bray- 
ton  on  sequential  circuit  optimization  and  testabibty  are  ac¬ 
knowledged.  This  work  was  supported  in  part  by  the  Semicon¬ 
ductor  Research  Corporation,  the  Defense  Advanced  Research 
Projects  Agency  under  contract  N00014-87-K-0S25  and  a  grant 
from  ATirT  Bell  Laboratories. 

APPENDIX 

A  Proof  of  Lemma  4.1 

Proof:  Consider  a  primary  input  fault  F.  Without  loss  of 
generality,  assume  that  it  is  a  stuck-at- 1  fault  on  the  1st  pri¬ 
mary  input  hue.  The  effect  of  this  fault  is  to  cause  all  input 
vectors  u  such  that  ij[l]  =  0  to  become,  in  effect,  tj  where 
i,[l]  =  1  ArA:  ii[»]  -  »*.[/].  2  <  i  <  Aj.  Since  F  is  combina¬ 
tional^'  irredtmdant.  there  will  exist  an  input  vector  pair  (ij.  »j) 
where  i, [l]  =  0.  ij[l]  =  1  ArA:  tj  [i]  =  i2[i],  2  <  i  <  Aj  such  that 
»(/j.  9)  /  n(ij.  q)  ||  o(/j.  g)  ^  o(/j  g)  for  some  g  (Else,  tj  can 
be  replaced  by  tj  u  tj  in  the  combinational  truth  table).  First, 
consider  the  case  where  the  fanout  states  are  different  for  tj  and 
ij.  If  in  G.  tt(ij.  g)  =  g;  and  tt(tj.  g)  =  gj.  then  in  GF  we  have 
tt(tj.  g)  =  n(ij.  g)  =  93.  For  Gr  to  be  equivalent  to  G.  we  ueed 
•fi  €  GF  =  g;  €  G  and  gj  €  GF  =  g;  6  G  (since  there  is  a  cor¬ 
rupted  and  uucorrupted  edge  from  g  to  </-*  in  GF ).  This  requires 
g3  f  C  =  gi  €  G.  which  is  a  contradiction.  The  second  case 
where  the  primary  outputs  of  tj  and  tj  are  different  is  simpler. 
We  have  two  edges  from  a  state  in  G  that  assert  different  outputs 
and  go  to  the  same  next  state,  merging  in  GF .  This  means  GF 
cannot  be  isomorphic  to  G. 

A  primary  output  o  exists  in  GA/.  if  and  only  if  there  exists  a 
pair  of  edges  ()  and  t  j  which  assert  both  values  of  the  output. 
0/1.  When  the  marhiue  makes  the  transition  corresponding  to 
the  edge  which  asserts  the  value  of  the  output  different  from  the 
stuck  value,  the  fault  will  be  detected. 

If  all  stuck-at  faults  on  present  state  lines  are  combinational!)’ 
irredundant.  for  any  present  state  line  i,  there  are  two  states  fi 
and  42  whose  codes  differ  in  bit  i  alone,  qj  and  41  merge  in  GF 
due  to  a  fault  on  present  state  Hae  »'.  Bence,  ||GF||  <  ||G||  and 
isomorphism  cannot  occur. 

The  argument  for  the  next  state  line  faults  is  similar  to  the 
argument  for  the  present  state  line  faults.  Q.E.D. 

6  Proof  of  Lemma  4.2 

Proof  Consider  a  prime  and  irredundant  multi-level  circuit  im¬ 


plementing  G.  The  circuit  is  levelized  from  the  primary  outputs 
to  the  primary  inputs.  Gates  generating  primary  outputs  are  as¬ 
signed  level  0  aud  a  gate  that  drives  gates  with  levels  I).  Ij...  I„ 
has  a  level  equal  to  A//A’(  I, )  +  1.  The  gates  at  level  j  a re 
g,\.  9jJ •  SjSj ■  The  outputs  of  these  gates  constitute  a  set  of 
Aj  variables  JV(j)(ij.  1  <  i  <  Aj.  The  combinations  of  /!'(_/) 
that  are  caused  by  some  primary  input  combination  are  denoted 
J1  (j)CA  aud  the  combinations  that  never  appear  are  denoted 
IV[j)Dr. 

Without  loss  of  generality,  consider  the  s-a-0  and  s-a-1  faults 
on  /V(l)(l).  Some  it;  €  /l'(l)r'4  has  to  detect  the  s-a-0  fault 
aud  some  i t<j  €  JV(  1  )*'•'*  has  to  detect  the  s-a-1  fault.  Obvi¬ 
ously.  it'i[l]  =  1  and  rr*2(l]  =  0.  If  for  any  it;  €  /V(l)r'4 
that  detects  the  s-a-0  fault,  there  is  a  »'r 3  €  /l'(l)r4  such  that 
•  1*3(1]  =  0.  *  1*3(1]  =  2  <  i  <  Aj.  then  we  have  a  comple¬ 

mentary  PI  vector  pair  (ij.  tj)  corresponding  to  (it;.  11*3)  with 
«t  detecting  the  s-a-0  fault  aud  producing  a  faulty  output  equal 
to  the  true  output  of  tj  which  does  not  detect  the  fault.  Further¬ 
more,  ( tj.  tj  )  will  be  a  complementary  PI  vector  pair  for  the  s-a-1 
fault. 

We  then  consider  the  case  of  irj  6  /l'(l  )L>C  foi  all  it;  6 
I\ '( 1  )CA  that  detect  the  s-a-0  fault.  By  the  argument  above, 
if  for  any  it;  €  /V(l)f'4  that  detects  the  s-a-1  fault,  there  is  a 
it;  €  /V(l)f  4  such  that  < t’a ( 1  ]  =  0.  »jq[i]  =  ir2[i].  2  <  i  <  Aj. 
then  (if j.  it;)  constitutes  a  complementary  pair  for  the  s-a  l  fault 
aud  ( it;,  it; )  constitutes  a  complementary  pair  for  the  s- a  0  fault. 

The  last  case  we  ueed  to  consider  is  it;  6  I\'(  1  )Dr  for  all 
ii'i  £  /l’(l)r'4  that  detect  the  s-a-0  fault  and  it;  6  IV(l)F>r 
for  all  it;  €  /l’(l)r  4  that  detect  the  s-a-1  fault  011  /I '( 1  M  1 1. 
For  any  it;,  £  /V(l)r-4  that  does  not  detect  the  s-a-0  01  s-a-1 
fault,  we  have  it;  such  that  tf/|l]  =  it;  ( 1] .  »c/[i]  =  />*[/'].  2  < 
t  <  Aj.  producing  the  same  output  as  tt;  in  the  true  01  faults 
circuit.  We  then  can  represent  /V(l)r-4  using  IV(  l)ur  as  a  set 
of  cubes,  it;  U  if 3.  it;  U  it;.  ..  ii ;  u  it;,  wlieie  the  first  bit  in 
each  cube  is  a  don't  care.  This  means  the  line  Jl'(l)(l)  ran  be 
bodriy  removed,  i.e.  the  multiple  F-tvpe  fault  conespontbng  to 
/V(l)(l)  is  redundant,  which  is  a  contradiction.  Therefore,  a 
complementary  vector  pair  has  to  exist  for  the  stuck-at  faults  on 
/r(l)(l)  and  other  /V(l )(!•). 

A  similar  argument  ran  be  made  for  the  intermediate  hues  cor¬ 
responding  to  the  inputs  to  the  tjJt.  using  the  fart  that  the  m- 
output,  fault-free  network  asserts  all  distinct  2”'  output  combina¬ 
tions.  Q.E.D. 

C  Proof  of  Lemma  4.3 

Proof:  All  unused  state  codes  may  be  used  as  don't  cares  during 
logic  minimization.  Invalid  states  can  only  correspond  to  some 
unused  state  code.  Since  the  combinational  network  is  prime  aud 
irredundant  under  thin  don't  core  net.  there  always  exists  a  valid 
state  that  detects  any  fault  (ana  provides  the  initial  propagation 
to  the  next  state  lines  or  primary  outputs)  that  the  in 'Mid  state 
detects.  Q.E.D. 
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